Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (public and private) are thoroughly discussed with solutions. The security & privacy levels in cloud computing are illustrated and security solutions & standards for cloud computing are proposed. Encryption techniques for securing data in cloud environment are listed and latest security tools for cloud computing are included in this communication.

[1]  Robin Yeates Cloud Computing for Libraries , 2013, Program.

[2]  V. Quarles,et al.  Department of Electrical Engineering and Computer Science , 1994 .

[3]  Sugata Sanyal,et al.  A Survey on Security Issues in Cloud Computing , 2011, 1109.5388.

[4]  Insup Lee,et al.  Towards a data-centric view of cloud security , 2010, CloudDB '10.

[5]  Sumit Goyal Public or Private: which Cloud Computing Model Suits your Business? , 2013, CloudCom 2013.

[6]  Gang Wang,et al.  Large-Scale Electric Vehicle Operation Monitoring Platform Based on Cloud Computing , 2013 .

[7]  Peter Buxmann,et al.  Software as a Service: The Application Level of Cloud Computing , 2012 .

[8]  Yau-Hwang Kuo,et al.  An effective privacy protection scheme for cloud computing , 2011, 13th International Conference on Advanced Communication Technology (ICACT2011).

[9]  Sushil Jajodia,et al.  Verification of data redundancy in cloud storage , 2013, Cloud Computing '13.

[10]  Siani Pearson,et al.  A client-based privacy manager for cloud computing , 2009, COMSWARE '09.

[11]  An Xu,et al.  A Spatial Data Security Model under the Cloud Environment , 2013 .

[12]  Xiaohui Liang,et al.  Secure provenance: the essential of bread and butter of data forensics in cloud computing , 2010, ASIACCS '10.

[13]  Kai Miao,et al.  A Simple Technique for Securing Data at Rest Stored in a Computing Cloud , 2009, CloudCom.

[14]  Wei-Tek Tsai,et al.  Internetware computing: issues and perspective , 2009, Int. J. Softw. Informatics.

[15]  Zhao Yong,et al.  A Decentralized Information Flow Model for SaaS Applications Security , 2013, 2013 Third International Conference on Intelligent System Design and Engineering Applications.

[16]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[17]  Sugata Sanyal,et al.  Increasing Security in Cloud Environment , 2013, ArXiv.

[18]  Liqiang Chen Integrating Cloud Computing Services Using Enterprise Service Bus (ESB) , 2012 .

[19]  Jung-Soo Han,et al.  Policy on literature content based on software as service , 2013, Multimedia Tools and Applications.

[20]  Atul Prakash,et al.  Methods and limitations of security policy reconciliation , 2006, TSEC.

[21]  S. Goyal Perils of Cloud Based Enterprise Resource Planning , 2013 .

[22]  Roberto Di Pietro,et al.  Transparent security for cloud , 2010, SAC '10.

[23]  Joy Bhattacharjee,et al.  A Survey on Cloud Computing Security, Challenges and Threats , 2011 .

[24]  Patrick D. McDaniel,et al.  Principles of Policy in Secure Groups , 2001, NDSS.

[25]  Mark Eisenberg Applications for cloud computing , 2010, COM.Geo '10.

[26]  Abhishek Patel,et al.  A Proposed Model for Data Security of Cloud Storage Using Trusted Platform Module , 2013 .

[27]  Prashant Pandey,et al.  Cloud computing , 2010, ICWET.

[28]  John C. Grundy,et al.  An Analysis of the Cloud Computing Security Problem , 2016, APSEC 2010.

[29]  C. R. Attanasio Virtual machines and data security , 1973 .

[30]  Paul England,et al.  Resource management for isolation enhanced cloud services , 2009, CCSW '09.

[31]  Marios D. Dikaiakos,et al.  Cloud Computing: Distributed Internet Computing for IT and Scientific Research , 2009, IEEE Internet Computing.

[32]  Lakshmi Sobhana Kalli,et al.  Market-Oriented Cloud Computing : Vision , Hype , and Reality for Delivering IT Services as Computing , 2013 .

[33]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[34]  Rich Kaestner,et al.  The Basics of Cloud Computing. , 2012 .

[35]  Debajyoti Mukhopadhyay,et al.  Enhanced Security for Cloud Storage using File Encryption , 2013, ArXiv.

[36]  Hossam Abdel Rahman A Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems , 2012 .

[37]  Delvis Simmonds,et al.  Public Cloud Computing vs. Private Cloud Computing: How Security Matters , 2012 .

[38]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[39]  Yongzhao Zhan,et al.  A hash-based secure interface on plain connection , 2011, 2011 6th International ICST Conference on Communications and Networking in China (CHINACOM).

[40]  Jörg Schwenk,et al.  All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.

[41]  Vidyanand Choudhary,et al.  Software as a Service: Implications for Investment in Software Development , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[42]  Meikang Qiu,et al.  A Review on Cloud Computing: Design Challenges in Architecture and Security , 2011, J. Comput. Inf. Technol..

[43]  Tim Mather,et al.  Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance , 2009, Theory in practice.

[44]  Mary Grammatikou,et al.  GEMBus as a Service Oriented Platform for Cloud-Based Composable Services , 2011, 2011 IEEE Third International Conference on Cloud Computing Technology and Science.

[45]  Sajjad Haider,et al.  Security threats in cloud computing , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[46]  Kamal Dahbur,et al.  A survey of risks, threats and vulnerabilities in cloud computing , 2011, ISWSA '11.

[47]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[48]  Ian Foster,et al.  SaaS for science: the path to reality for research in the cloud , 2012, XSEDE '12.

[49]  Stephan Flake,et al.  Service Design Studio for SaaS , 2013 .

[50]  Eduardo Bayo,et al.  Integrated 3D Web Application for Structural Analysis Software as a Service , 2013 .

[51]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[52]  Anton Beloglazov,et al.  Energy-efficient management of virtual machines in data centers for cloud computing , 2013 .

[53]  A Min Tjoa,et al.  Retaining Data Control to the Client in Infrastructure Clouds , 2009, 2009 International Conference on Availability, Reliability and Security.

[54]  Myounghoon Jeon,et al.  Guest Editors’ Introduction , 2014, PRESENCE: Teleoperators and Virtual Environments.

[55]  Wouter Joosen,et al.  Federated Authorization for Software-as-a-Service Applications , 2013, OTM Conferences.

[56]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[57]  Geng Yang,et al.  Secure Document Service for Cloud Computing , 2009, CloudCom.

[58]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[59]  Lingdi Ping,et al.  Trust Model to Enhance Security and Interoperability of Cloud Environment , 2009, CloudCom.

[60]  Ninghui Li,et al.  Automated trust negotiation using cryptographic credentials , 2005, CCS '05.

[61]  Mariusz Stawowski The Principles of Network Security Design , 2007 .

[62]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[63]  Narayanan Rajagopal,et al.  Experiences in Delivering Power System Decision Support Tools over the Web Using Software-as-a-Service (SaaS) Model , 2012, 2012 Annual SRII Global Conference.

[64]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[65]  Frank Leymann,et al.  ESBMT: Enabling Multi-Tenancy in Enterprise Service Buses , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[66]  Issa M. Khalil,et al.  Security Concerns in Cloud Computing , 2013, 2013 10th International Conference on Information Technology: New Generations.

[67]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[68]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[69]  Alfred Basta,et al.  Computer Security and Penetration Testing , 2007 .

[70]  Qiang Yue,et al.  CSB: Cloud service bus based public SaaS platform for small and median enterprises , 2011, 2011 International Conference on Cloud and Service Computing.

[71]  Yogesh L. Simmhan,et al.  An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[72]  Marianne Winslett,et al.  A unified scheme for resource protection in automated trust negotiation , 2003, 2003 Symposium on Security and Privacy, 2003..

[73]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[74]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[75]  Jörg Schwenk,et al.  Breaking and fixing the inline approach , 2007, SWS '07.

[76]  Harit Shah,et al.  Security Issues on Cloud Computing , 2013, ArXiv.

[77]  Slinger Jansen,et al.  Key factors in the internationalisation process of SMEs exporting business software as a service , 2013, Int. J. Bus. Inf. Syst..

[78]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[79]  Sugata Sanyal,et al.  A New Trusted and Collaborative Agent Based Approach for Ensuring Cloud Security , 2011, ArXiv.

[80]  Dan Lin,et al.  Data protection models for service provisioning in the cloud , 2010, SACMAT '10.

[81]  Achmad Nizar Hidayanto,et al.  Analysis of software as a service (SaaS) for software service provision alternative: a case study of e-office on demand service of PT. Telkom Indonesia , 2012 .

[82]  Christopher Krügel,et al.  Service specific anomaly detection for network intrusion detection , 2002, SAC '02.

[83]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[84]  George Reese,et al.  Cloud application architectures , 2009 .